Hacker's ID found: 94.74.81.92:80

This post was created because some chess lovers download these files.
He cracked Total War.
https://www.reddit.com/r/techsupport/comments/4hyb49/machine_dns_server53_what_is_it/
virusscan.org test file: Engine32.dll, and the results found.
EXE files create DLL files.
Hacker ID:

c:\windows\system32\riched20.dll
ole32.dll
comctl32.dll

This result is false. MD5 c4d483c716f9bca44eaec7b2c8dbc0e5
SHA-1 f33d035c13bd939d14281d3fd1615bfc90e20a20
SHA-256 c902889dd83fbd941b632e20d073d34da61a175a1d9bc6f930462d6ccbea1dd9
Authentihash 169c53f9a2b08c796b2c32dc06ea0fc4189721b2810a8484b5df18d8074950b4
Imphash af259ff2e92553acc666c7197a0a84de
SSDEEP 3072:sc6PKbnv3RzTow0VyS+B4bjDpORM/VTIuizRt5:s6nvtTowMyGrTI3J
File type Win32 DLL
Magic PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
File size 149.92 KB (153520 bytes)
History
Creation Time 2018-05-14 09:37:22
Signature Date 2018-05-14 10:37:00
First Submission 2018-05-16 13:31:07
Last Submission 2018-05-23 13:38:44
Last Analysis 2018-06-13 14:09:00
Names
Engine32.dll
Signature Info
Signature Verification
Signed file, valid signature
File Version Information
Date signed 10:37 AM 5/14/2018
Signers
ChessBase - Schachprogramme-Schachdatenbank Verlagsgesellschaft
Symantec Class 3 SHA256 Code Signing CA
VeriSign
Counter Signers
Symantec Time Stamping Services Signer - G4
Symantec Time Stamping Services CA - G2
Thawte Timestamping CA
Portable Executable Info
Header
Target Machine Intel 386 or later processors and compatible processors
Compilation Timestamp 2018-05-14 09:37:22
Entry Point 42407
Contained Sections 6
Sections
Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 87925 88064 6.58 9d74cbfcc35f533a3deaa85c43dcdd8a
.rdata 94208 31820 32256 4.97 62753564b7374282435d276f156476e8
.data 126976 13752 11264 7.11 b8701c90b36e4936b16de1a217d9a310
.gfids 143360 264 512 2.07 b189a56b8f028d3c3cf68abce6e750d1
.rsrc 147456 480 512 4.72 daefabcc5853733844632a0d26725281
.reloc 151552 6612 6656 6.53 2a47337ebb4056f3c68685d63234b052
Imports
KERNEL32.dll
SHELL32.dll
ole32.dll
Exports
Engine32
Contained Resources By Type
RT_MANIFEST 1
Contained Resources By Language
ENGLISH US 1
Contained Resources
SHA-256 File Type Type Language
4bb79dcea0a901f7d9eac5aa05728ae92acb42e0cb22e5dd14134f4421a3d8df ASCII text RT_MANIFEST ENGLISH US
ExifTool File Metadata
CodeSize 88064
EntryPoint 0xa5a7
FileType Win32 DLL
FileTypeExtension dll
ImageVersion 0.0
InitializedDataSize 53760
LinkerVersion 14.0
MIMEType application/octet-stream
MachineType Intel 386 or later, and compatibles
OSVersion 6.0
PEType PE32
Subsystem Windows GUI
SubsystemVersion 6.0
TimeStamp 2018:05:14 10:37:22+01:00
UninitializedDataSize 0
VirusTotal

Adware.Agent.abst
id : <MACHINE_DNS_SERVER>:53 (UDP)

Date        Detections   Type        Name
2017-02-13  13 / 56      Win32 EXE   VsHub.exe
2018-09-15  42 / 67      Win32 EXE   MSPDBSRV.EXE
2017-09-23  4 / 64       Win32 EXE   DeskGoSetup
2018-04-26  0 / 67       Win32 EXE   0
2018-05-03  0 / 67       Win32 EXE   0
2018-05-12  0 / 66       Win32 EXE   0
2018-06-09  1 / 68       Win32 EXE   QQMusicDownloader.exe
2018-07-26  1 / 68       Win32 EXE   DeskGoSetup
2018-09-12  1 / 68       Win32 EXE   DeskGoSetup
2018-07-25  0 / 66       Win32 EXE   WinPE_PreBoot_Support_1.4.4.exe
            0 / 66                   msvcp140.dll

Hacker's ID 94.74.81.92:80 (TCP)
<MACHINE_DNS_SERVER>:53 (UDP)

DNS Resolutions
myfilesupload.biz

Finally, hacker ID :slight_smile: found: :slight_smile:

Virus first found: virus created in 2018,
on 2019-04-22 (GData)
Beijing sc. antivirus 2019 3-4 ??

Turk hacker
forum.avast.com/index.php?topic=228938.0

Turk hacker found
Language: Turkish:
[PDF]
T.C. Süleyman Demirel University, Graduate School of Natural and Applied Sciences, file … (file name: Turkish file name)

tez.sdu.edu.tr/Tezler/TF03902.pdf
“94.74.81.92:80” TCP. The established connections and domains were investigated via “virustotal.com” and determined to be malicious. Belonging to the IP address “94.74.81.92” …

Oops, sorry: 94.74.81.92

https://www.hybrid-analysis.com/sample/988706aad4817c347b4e1b4cd224726efdf1047227ca4f42378f41de73265b75?environmentId=100

https://www.reddit.com/r/techsupport/comments/4hyb49/machine_dns_server53_what_is_it/
2016

https://db-ip.com/94.74.81.92
He knows the Turkish language?!
From Ukraine

Not Adware
Trojan+ Win32 :Evo : gen

Source: https://m.virscan.org/showreportlist/6d6728e07915b451cce4e9159b087bb4 Trojan + Win32 Evo gen
GData analysis: Win32 Evo gen
https://m.virscan.org/showreportlist/72c5aed92fdee7bbb46f928326183ec2

Virustotal test 2 https://www.virustotal.com/gui/ip-address/94.74.81.92/relations

Hi lichesssatrancturkiye,

IP is being blacklisted and alerted as “mnemonic secure dns” (qualifying for an IDS alert).
Blacklists:
- fortinet: Malware
- mnemonic_dns: Blacklisted according to the last urlquery dot net report, found in the Google cache from 2017-08-29 14:51:41 CEST

Cyber-opposition Turkey versus Ukraine could also be of importance here (eventual EU-membership rally).
Alerts therefore may not always be totally impartial.
Certainly malware out there: https://www.malwareurl.com/listing.php?as=AS206963&active=on

polonus